Overview

overview

6

Static

static

3

eb19441227...18.exe

windows7-x64

6

eb19441227...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb1944122747dd2512935e41ee4c5bad_JaffaCakes118.exe

  • Size

    509KB

  • MD5

    eb1944122747dd2512935e41ee4c5bad

  • SHA1

    6fc1b0fcfedc4b8125ccf6ea4f1e93fc345c3c38

  • SHA256

    020f025ec74bd79f33bb1eb273435c9a1114565705570a53b9f93fc6b52d33f5

  • SHA512

    2f0a0e9c141b1e85fa879afb72505e12186c4702ff37068bd9fafbfd2e1e69bee2a7261b93ffc08d0a8203da7ba77075c6e9c0c6eb56c9e02efe82b717f00ba6

  • SSDEEP

    6144:0xd0r+zwr2rNy8daL6ku/GWSHaXCMMN+3rhmBF9Z9wBjufk41SWJITj7HU:QdHsr2rNv6aGTSIF9YU84IpnU

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb1944122747dd2512935e41ee4c5bad_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eb1944122747dd2512935e41ee4c5bad_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    PID:4276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4276-0-0x0000000000400000-0x0000000000484000-memory.dmp

    Filesize

    528KB

    Download